The married couple Michael Auger and Runa Sandvik managed to prove that a high end smart targeting riffle can be hacked through WiFi, infiltrating into the weapon’s system via internet. It took a year for them to crack, but they have definitely pointed out the flaws within the TrackingPoint weapon’s system, which may prove useful in the future.
And likely, it will cause at least some murmurs at this year’s Black Hat hacking conference. The Linux and Android based weapon is worth $13,000 and yet the software has shown weaknesses that can be easily accessed through the basic WiFi connection. The riffle has auto-targeting options and a default WiFi password that can ultimately affect its function.
The couple managed to find a way to breaking into the riffle’s system by treating it as the average network server and took command through a series of package exploits. When they gained control of the riffle, they showed that they can modify its functionality or even render it useless.
The riffle can be hacked by modifying certain variables without the user’s knowledge and forcing it to miss its target. Sandvik claimed that you can constantly “lie” to the weapon and make it miss shots. They were also able to disable the riffle’s scope computer, prevent the weapon from firing at all, or the worst change, it could manipulate the riffle into switching targets.
The hack can lock away the user’s access, disabling them from shooting through any means, but the software does have one strong point that the hackers couldn’t ultimately break. It cannot be fired without someone pulling the trigger. Thankfully, considering the consequences might’ve been catastrophic if such as feat could be achieved.
Infiltrating the riffle’s software can be done from the average remote computer through the basic WLAN connection. According to Sandvik, after the entire system is compromised, all the user will have would be a useless “six or seven thousand dollar computer” on a riffle that you still have to aim yourself.
The couple has send their findings to the weapon’s developer, TrackingPoint, but have yet to hear anything back. Since then though, the company has laid off a substantial number of employees and the riffle is no longer being shipped, but there are reportedly 1,000 units out there.
They could prove dangerous even in the right hands, in spite of the fact that TrackingPoint stated that it’s “highly unlikely” that a hunter on a ranch Texas or the African Serengeti will have a WiFi connection around that could mess with the weapon’s auto-targeting system. And yet, a patch is apparently incoming.
Image source: wired.com